Updating wazuh manager password in kubernetes

 

Updating wazuh manager password in kubernetes




Updated as of 2025-11-06

After scouring the internet (where even the LLM was giving me wrong answers), I had to scour for information scattered across gitub issues and various blog posts. All of them were slightly wrong so I want to document my steps on updating the wazuh dashboard admin password for a kubernetes deployment of wazuh.

Here is how I did it.

The guide assumes the wazuh-kubernetes repository was used to deploy the cluster.

Step 1 - Generate the password hash

Shell into wazuh-indexer pod

kubectl exec -it -n wazuh pod/wazuh-indexer-0 -- bash

Generate password (the output will be a hash. Remember this!):

export JAVA_HOME=/usr/share/wazuh-indexer/jdk
bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
<type your password>

<PW_HASH>

Step 2 - Base64 encode your password

Outside of the indexer pod, base64 encode your password. We will need both later.

echo -n <new_password> | base64

So we should have a <PW_HASH> from step1 and a <PW_BASE64> from step2.

Step 3 - Replace the secret files

  • In wazuh-kubernetes/wazuh/secrets/indexer-cred-secret.yaml - replace the password with <PW_BASE64
  • In wazuh-kubernetes/wazuh/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml - replace the hash with <PW_HASH>

And run kubectl apply -k envs/local-env/

Step 4 - Run securityadmin script

This is where my steps differed slightly. Instead of port 9300 - mine was 9200. Also, instead of /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/, mine was /usr/share/wazuh-indexer/config/opensearch-security/. Basically i just had to find the yaml files that were edited. They were somewhere in /usr/share/wazuh-indexer/ so I just did a grep.

export INSTALLATION_DIR=/usr/share/wazuh-indexer
export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config
export CACERT=$OPENSEARCH_PATH_CONF/certs/root-ca.pem
export KEY=$OPENSEARCH_PATH_CONF/certs/admin-key.pem
export CERT=$OPENSEARCH_PATH_CONF/certs/admin.pem
export JAVA_HOME=/usr/share/wazuh-indexer/jdk

bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/config/opensearch-security/ -nhnv -cacert  $CACERT -cert $CERT -key $KEY -p 9200 -icl -h localhost

Step 5 - Restart the pods & login

kubectl delete -n wazuh  pod/wazuh-manager-master-0   pod/wazuh-manager-worker-0

and login to the wazuh dashboard. It should work now!

References

Comments

Post a Comment

Popular posts from this blog

So I started using neovim, and why it isn't for me

Image
So I started using Neovim-- So recently, I started getting into Neovim after being convinced by some people, watching more of "theprimeagen" and seeing how cool it could be. I still vividly remember that one time I saw a co-worker navigate through scripts with only his keyboard and thought to myself -- "wow if only I could do that". My relationship with Vim has been, more or less to say, hot & cold. I started using vim back in 2018 on my first job. Installing Nerdtree, learning the hjkl  commands, learning the different shortcuts that could be done in vim. However, quickly I realized that my productivity with Vim went down way too much to be useful so I went back to VSCode shortly after. Ever since then, I'd use vim only to quickly edit files in the terminal, but never as my main editor. Fast forward to today, I decided to give vim another try. This time, with Neovim. I went fully into the Neovim universe -- installing lazy, plugins, themes, LSP, you name it...
Read more

Importance of silence

Image
Reflection on this past month It's coming to the end of April! April showers bring May flowers -- as they usually say. What I'm seeing is more showers + flurries. Never in my life would I have imagined that it would snow almost in May! Back in Vancouver, it was mostly just rain with the occasional sun that would pop out.  --- I really do miss the rain. I'd love to just work while it's thunderstorming outside. I want to feel like I'm forced indoors, in a cozy environment drinking my warm mocha, while programming or just writing away.  Life this past month has been exciting! I've been going out more, taking on more things to do in both my personal life and work life, and overall just trying to put myself out there. Life is becoming colourful again. Meeting new people, making new friends, and getting new perspectives on life. I found myself starting to have random chitchat with strangers these days. Whether it's to feel a sense of connectedness, or just a frien...
Read more

Happy Chinese New Years! + Random thoughts

Image
Happy Chinese New Years! 新年快樂! Ice dragon sculpture in Ottawa It's the start of a new lunar year! I'm writing this on 初三, which means 3 days since the new year has started! This year, I didn't do much for Lunar New Year since I'm here in Ottawa now. Usually, I would go to a temple in Vancouver to pray, but there are no Buddhist temples here in Ottawa 😅. You see, my family is quite spiritual - as in. Growing up, my parents would always take us either to Buddhist temples or Christian churches to pray. I even attended Sunday school growing up! The value of tradition holds strongly in my family, and we always try to be honest with any spiritual being, whether that be God or Mazu.  Aside from tradition, we'd usually have hotpot or the like at home! Which, of course now that everyone is scattered across the world, we can't really do that anymore! But that's ok! We of course had a call and just had fun chatting with each other.  It was also in this new year that I...
Read more